Basic Questions about Password Policy Manager
Q: Is it necessary to install the Password Policy Manager (PPM) component?
A: No. The PPM component is optional and is not necessary in order to use Password Manager.
Q: Why would you want to use the PPM component?
A: The PPM component offers a higher degree of controlling what passwords are acceptable in an environment. With PPM you can set policies such as:
Q: Must the PPM component be installed on ALL domain controllers?
A: Yes, in order for PPM to function correctly the PPM component needs to be installed on all Domain Controllers. If you do not do this, PPM will not be able to enforce policies to users who are connecting to domain controllers if the PPM component is not installed on that DC.
Q: After you install the PPM component, do you need to reboot the domain controller?
A: Absolutely. If you do not reboot the domain controller the operation system may encounter a blue screen failure. You will be prompted to reboot after performing the installation.
Q: How do you configure rules for a password policy?
A: To configure rules for a password policy:
Q. Does Password Policy Manager override the Native Windows security Policy rules?
A: No, Password Manager works in conjunction with Native Windows secuirty policies, and the more restrictive of the two will be enforced. For instance, if the 'Minimum password length' and 'Max password Age' settings are enabled, then the more restrictive of the two will be enforced.
Minimum password length in Active Directory = 8
Minimum password length in Password Manager password policy = 16
16 is more restrictive, so 16 will be enforced.
Max Password Age in Active Directory = 45
Max Password Age in Password Manager password policy = 30
30 is more restrictive, so 30 will be enforced.
Q. What is the name of the service for the Password Policy Management component?
A: There is no service component for Password Policy Managemer component. PPM gets installed on the Domain Controllers as a password filter.
Q. If the Password Manager service is not available, will users get the Password Policy applied?
A: If Password Policy Manager has been deployed on all domain controllers and the Password Policy has been configured from the Password Manager Admin site, the Password Policy will be applied on all users who are trying to change or reset their password by pressing CTLR+ALT+DELETE. However, users will not be able to manage their passwords when accessing the Password Manager self-service site.